CVE-2023-40281

Source
https://cve.org/CVERecord?id=CVE-2023-40281
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-40281.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-40281
Published
2023-08-17T07:15:44.153Z
Modified
2026-02-15T00:40:57.805201Z
Severity
  • 4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
[none]
Details

EC-CUBE 2.11.0 to 2.17.2-p1 contains a cross-site scripting vulnerability in "mail/template" and "products/product" of the Management page. If this vulnerability is exploited, an arbitrary script may be executed in the web browser of another administrator or of a user who accessed the website using the product.

References

Affected packages

Git / github.com/ec-cube/ec-cube2

Affected versions

eccube-2.*
eccube-2.17.0
eccube-2.17.1
eccube-2.17.1-RC
Other
eccube2-weekly-20201110
eccube2-weekly-20201117
eccube2-weekly-20201124
eccube2-weekly-20201201
eccube2-weekly-20201208
eccube2-weekly-20201215
eccube2-weekly-20201222
eccube2-weekly-20201229
eccube2-weekly-20210105
eccube2-weekly-20210112
eccube2-weekly-20210119
eccube2-weekly-20210126
eccube2-weekly-20210202
eccube2-weekly-20210209
eccube2-weekly-20210216
eccube2-weekly-20210223
eccube2-weekly-20210302
eccube2-weekly-20210309
eccube2-weekly-20210316
eccube2-weekly-20210323
eccube2-weekly-20210330
eccube2-weekly-20210406
eccube2-weekly-20210413
eccube2-weekly-20210420
eccube2-weekly-20210427
eccube2-weekly-20210504
eccube2-weekly-20210511
eccube2-weekly-20210525
eccube2-weekly-20210601
eccube2-weekly-20210608
eccube2-weekly-20210615
eccube2-weekly-20210622
eccube2-weekly-20210629
eccube2-weekly-20210706
eccube2-weekly-20210713
eccube2-weekly-20210720
eccube2-weekly-20210727
eccube2-weekly-20210803
eccube2-weekly-20210817
eccube2-weekly-20210824
eccube2-weekly-20210831
eccube2-weekly-20210907
eccube2-weekly-20210914
eccube2-weekly-20210921
eccube2-weekly-20210928
eccube2-weekly-20211005
eccube2-weekly-20211012
eccube2-weekly-20211019
eccube2-weekly-20211026

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-40281.json"